Active Job - Object injection security vulnerability
Active Job vulnerability: An Active Job bug allowed String arguments to be deserialized as if they were Global IDs, an object injection security vulnerability.
Advisories for Gem/Activejob package
2026
2018
Deserialization of Untrusted Data
A Broken Access Control vulnerability in Active Job
2014
Object Injection
A flaw in Active Job that can allow string arguments to be deserialized as if they were Global IDs. This may allow a remote attacker to inject arbitrary objects.